StegEraser: Defending cybersecurity against malicious covert communications

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Computer Security Pub Date : 2023-11-17 DOI:10.3233/jcs-220094
Jianfeng Zhang, Wensheng Zhang, Jingdong Xu
{"title":"StegEraser: Defending cybersecurity against malicious covert communications","authors":"Jianfeng Zhang, Wensheng Zhang, Jingdong Xu","doi":"10.3233/jcs-220094","DOIUrl":null,"url":null,"abstract":"Traditionally, the mission of intercepting malicious traffic between the Internet and the internal network of entities like organizations and corporations, is largely fulfilled by techniques such as deep packet inspection (DPI). However, steganography, the methodology of hiding secret data in seemingly benign public mediums (e.g., images), has been leveraged by advanced persistent threat (APT) groups in recent years, and is almost impossible to be detected and intercepted by traditional techniques, posing a pervasive and realistic threat to cybersecurity. Additionally, internal networks’ vulnerability to steganography is further exacerbated by the connectivity and large attack surface of the Internet of Things (IoT), whose adoption and deployment are quickly expanding. To protect computer systems against malicious communications that apply steganographic methods potentially unknown to cybersecurity stakeholders, we propose StegEraser, an approach to removing the secret information embedded in public mediums by adversaries, that is fundamentally distinct from existing research which is primarily designed for known steganographic methods. Implemented for images, StegEraser injects an excessively huge amount of random binary data with a novel steganographic method into the images, by utilizing the information-merging capabilities of invertible neural networks (INNs), in order to “overload” adversaries’ steganographic hiding capacity of images transmitted through the firewall performing DPI. In the meantime, StegEraser preserves the perceptual quality of the images. In other words, StegEraser “defeats unknown steganography with steganography”. Extensive evaluation verifies that StegEraser significantly outperforms state-of-the-art (SOTA) methods in terms of removing secret information embedded with both traditional and neural network-based steganographic methods, while visually maintaining the image quality.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2023-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/jcs-220094","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Traditionally, the mission of intercepting malicious traffic between the Internet and the internal network of entities like organizations and corporations, is largely fulfilled by techniques such as deep packet inspection (DPI). However, steganography, the methodology of hiding secret data in seemingly benign public mediums (e.g., images), has been leveraged by advanced persistent threat (APT) groups in recent years, and is almost impossible to be detected and intercepted by traditional techniques, posing a pervasive and realistic threat to cybersecurity. Additionally, internal networks’ vulnerability to steganography is further exacerbated by the connectivity and large attack surface of the Internet of Things (IoT), whose adoption and deployment are quickly expanding. To protect computer systems against malicious communications that apply steganographic methods potentially unknown to cybersecurity stakeholders, we propose StegEraser, an approach to removing the secret information embedded in public mediums by adversaries, that is fundamentally distinct from existing research which is primarily designed for known steganographic methods. Implemented for images, StegEraser injects an excessively huge amount of random binary data with a novel steganographic method into the images, by utilizing the information-merging capabilities of invertible neural networks (INNs), in order to “overload” adversaries’ steganographic hiding capacity of images transmitted through the firewall performing DPI. In the meantime, StegEraser preserves the perceptual quality of the images. In other words, StegEraser “defeats unknown steganography with steganography”. Extensive evaluation verifies that StegEraser significantly outperforms state-of-the-art (SOTA) methods in terms of removing secret information embedded with both traditional and neural network-based steganographic methods, while visually maintaining the image quality.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
StegEraser:抵御恶意隐蔽通信,保护网络安全
传统上,拦截互联网与组织和公司等实体内部网络之间恶意流量的任务主要由深度数据包检测(DPI)等技术来完成。然而,隐写术是一种将秘密数据隐藏在看似无害的公共媒介(如图像)中的方法,近年来已被高级持续威胁(APT)组织所利用,传统技术几乎无法检测和拦截,对网络安全构成了无处不在的现实威胁。此外,物联网(IoT)的连接性和巨大的攻击面进一步加剧了内部网络对隐写术的脆弱性,而物联网的采用和部署正在迅速扩大。为了保护计算机系统免受恶意通信的攻击,这些恶意通信采用了网络安全利益相关者可能不知道的隐写方法,我们提出了 StegEraser,这是一种移除对手嵌入公共媒介中的秘密信息的方法,与主要针对已知隐写方法设计的现有研究有着本质区别。针对图像,StegEraser 利用可逆神经网络(INNs)的信息合并能力,通过一种新颖的隐写方法向图像中注入过量的随机二进制数据,以 "超载 "对手通过执行 DPI 的防火墙传输的图像的隐写隐藏能力。同时,StegEraser 还能保持图像的感知质量。换句话说,StegEraser "用隐写术打败未知隐写术"。广泛的评估证明,StegEraser 在去除传统和基于神经网络的隐写方法所嵌入的秘密信息方面,明显优于最先进的(SOTA)方法,同时在视觉上保持了图像质量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Computer Security
Journal of Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
1.70
自引率
0.00%
发文量
35
期刊介绍: The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.
期刊最新文献
Adaptive multi-cascaded ResNet-based efficient multimedia steganography framework using hybrid mouth brooding fish-emperor penguin optimization mechanism Securing Images using Bifid Cipher associated with Arnold Map Identity-based chameleon hash from lattices Practical multi-party private set intersection cardinality and intersection-sum protocols under arbitrary collusion1 MVDet: Encrypted malware traffic detection via multi-view analysis
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1